9 matches found
EUVD-2022-4629
Malicious code in bioql PyPI...
SUSE CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
Path Traversal
omniauth is vulnerable to path traversal. The vulnerability exists because the redirect_to_failure function of failure_endpoint.rb does not properly prefix the path in the message_key attribute, allowing an attacker to access files outside the expected directory through the endpoint failure...
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
DEBIAN-CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
UBUNTU-CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
CVE-2020-36599
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...
OmniAuth security vulnerability
OmniAuth is an authentication system implemented using Rack middleware. A security vulnerability exists in OmniAuth versions prior to 2.0, which stems from lib/omniauth/failure_endpoint.rb not escaping the message_key value...
GHSA-MVQR-R76C-WM5F Devise Token Auth vulnerable to Cross-site Scripting
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...